UNPKG

@pulumi/aws

Version:

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

pulumi/pulumi-aws

170 lines • 6.57 kB

JavaScript

"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.ServerlessAccessPolicy = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * Resource for managing an AWS OpenSearch Serverless Access Policy. See AWS documentation for [data access policies](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-data-access.html) and [supported data access policy permissions](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-data-access.html#serverless-data-supported-permissions). * * ## Example Usage * * ### Grant all collection and index permissions * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const current = aws.getCallerIdentity({}); * const example = new aws.opensearch.ServerlessAccessPolicy("example", { * name: "example", * type: "data", * description: "read and write permissions", * policy: JSON.stringify([{ * Rules: [ * { * ResourceType: "index", * Resource: ["index/example-collection/*"], * Permission: ["aoss:*"], * }, * { * ResourceType: "collection", * Resource: ["collection/example-collection"], * Permission: ["aoss:*"], * }, * ], * Principal: [current.then(current => current.arn)], * }]), * }); * ``` * * ### Grant read-only collection and index permissions * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const current = aws.getCallerIdentity({}); * const example = new aws.opensearch.ServerlessAccessPolicy("example", { * name: "example", * type: "data", * description: "read-only permissions", * policy: JSON.stringify([{ * Rules: [ * { * ResourceType: "index", * Resource: ["index/example-collection/*"], * Permission: [ * "aoss:DescribeIndex", * "aoss:ReadDocument", * ], * }, * { * ResourceType: "collection", * Resource: ["collection/example-collection"], * Permission: ["aoss:DescribeCollectionItems"], * }, * ], * Principal: [current.then(current => current.arn)], * }]), * }); * ``` * * ### Grant SAML identity permissions * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = new aws.opensearch.ServerlessAccessPolicy("example", { * name: "example", * type: "data", * description: "saml permissions", * policy: JSON.stringify([{ * Rules: [ * { * ResourceType: "index", * Resource: ["index/example-collection/*"], * Permission: ["aoss:*"], * }, * { * ResourceType: "collection", * Resource: ["collection/example-collection"], * Permission: ["aoss:*"], * }, * ], * Principal: [ * "saml/123456789012/myprovider/user/Annie", * "saml/123456789012/anotherprovider/group/Accounting", * ], * }]), * }); * ``` * * ## Import * * Using `pulumi import`, import OpenSearchServerless Access Policy using the `name` and `type` arguments separated by a slash (`/`). For example: * * ```sh * $ pulumi import aws:opensearch/serverlessAccessPolicy:ServerlessAccessPolicy example example/data * ``` */ class ServerlessAccessPolicy extends pulumi.CustomResource { /** * Get an existing ServerlessAccessPolicy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new ServerlessAccessPolicy(name, state, { ...opts, id: id }); } /** * Returns true if the given object is an instance of ServerlessAccessPolicy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === ServerlessAccessPolicy.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["description"] = state?.description; resourceInputs["name"] = state?.name; resourceInputs["policy"] = state?.policy; resourceInputs["policyVersion"] = state?.policyVersion; resourceInputs["region"] = state?.region; resourceInputs["type"] = state?.type; } else { const args = argsOrState; if (args?.policy === undefined && !opts.urn) { throw new Error("Missing required property 'policy'"); } if (args?.type === undefined && !opts.urn) { throw new Error("Missing required property 'type'"); } resourceInputs["description"] = args?.description; resourceInputs["name"] = args?.name; resourceInputs["policy"] = args?.policy; resourceInputs["region"] = args?.region; resourceInputs["type"] = args?.type; resourceInputs["policyVersion"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(ServerlessAccessPolicy.__pulumiType, name, resourceInputs, opts); } } exports.ServerlessAccessPolicy = ServerlessAccessPolicy; /** @internal */ ServerlessAccessPolicy.__pulumiType = 'aws:opensearch/serverlessAccessPolicy:ServerlessAccessPolicy'; //# sourceMappingURL=serverlessAccessPolicy.js.map